AI-written malware is here, and going after victims already
Researchers reveal first concrete evidence
· TechRadarNews By Sead Fadilpašić published 25 September 2024
HP Arctic Wolf researchers claim to have found evidence hackers are using Generative Artificial Intelligence (GenAI) tools to create malware and other malicious code.
GenAI tools, such as ChatGPT, or Gemini, are being used left and right to create convincing phishing emails, professional-looking landing pages, and similar, the researchers are saying, and the evidence is apparently overwhelming.
However, when it comes to spotting malware code written by robots, it’s a different story: “To date there has been limited evidence of threat actors using GenAI tools to write code,” HP said.
The French under attack
Whether or not HP has been the first is hard to tell, as security firm Proofpoint made a similar claim back in April 2024 concerning a PowerShell malware strain.
Regardless of the timing, HP says it identified a campaign targets the French-speaking community with a VBScript and JavaScript that was probably written with the help of GenAI.
Therefore, the researchers believe these findings are a big deal: "Speculation about AI being used by attackers is rife, but evidence has been scarce, so this finding is significant,” commented Patrick Schläpfer, Principal Threat Researcher in the HP Security Lab.
“Such capabilities further lower the barrier to entry for threat actors, allowing novices without coding skills to write scripts, develop infection chains, and launch more damaging attacks.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors